Hackers exploit zero day bug to steal from General Bytes Bitcoin ATMs

General Bytes, a Bitcoin ATM manufacturer, had its servers compromised by a zero-day hack on Aug. 18. This allowed hackers to become the default admins and change settings to ensure that all funds were transferred to their wallet address.

Although the exact amount of money stolen and the number of ATMs that were compromised have not been disclosed, the company urgently advised ATM operators in order to upgrade their software.

General Bytes, which operates 8827 Bitcoin ATMs in more than 120 countries, confirmed the hack on Aug. 18. Prague, Czech Republic is where the ATMs are made. Customers can sell or buy more than 40 coins at ATMs.

Since the hacker modified the CAS software to version 20,201208 on Aug. 18, the vulnerability has been known.

General Bytes has asked customers not to use their General Bytes ATM server until they upgrade their server to patch release 202220725.22 and 20220531.38 respectively for customers who are on 20220531.

Customers were also advised to change their server firewall settings to ensure that the CAS admin interface is only accessible from authorized IP addresses.

General Bytes reminded customers that they should review their “SELL Crypto Setting” before activating the terminals. This is to make sure that hackers don’t alter the settings so that received funds are transferred to them and not to customers.

General Bytes stated that there had been several security audits since 2020. None of them identified this vulnerability.

The attack and how it happened

General Bytes’ security team claimed in a blog that hackers carried out a zero-day attack to gain access the company’s Crypto Application Server, (CAS), and extract the funds.

The ATM’s whole operation is managed by the CAS server. This includes buying and selling crypto on exchanges, and which coins are supported.

Related: Vulnerable. Kraken revealed that many US Bitcoin ATMs still use default admin QR code.

According to the company, hackers “scanned for exposed servers running at TCP ports 7777 and 443, including servers hosted by General Bytes’ cloud service.”

The hackers then added themselves as the default admin to the CAS. They named it ‘gb’. Next, they modified the ‘buy/sell’ settings so that any crypto received from the Bitcoin ATM would instead go to the hacker’s wallet address.

“The attacker was able remotely create an administrator user via the CAS administrative interface via URL calls on the page that is used to install the default server and create the first administration user.”

2021's Most Anticipated Growth & Wealth-Building Opportunity

Join Thousands of Early Adopters Just Like You Who Want to Grow Capital and Truly Understand Cryptocurrency Together

Eileen Wilson

Eileen Wilson –Technology and Energy My Name is Eileen Wilson with more than 5 years of experience in the Stock market industry, I am energetic about Technology news, started my career as an author then, later climbing my way up towards success into senior positions. I can consider myself as the backbone behind the success and growth of topmagazinewire.com with a dream to expand the reach out of the industry on a global scale. I am also a contributor and an editor of the Technology and Energy category. I experienced a critical analysis of companies and extracted the most noteworthy information for our vibrant investor network.

Close Bitnami banner
Bitnami